You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by ma...@apache.org on 2009/06/18 03:08:52 UTC
svn commit: r785871 - in /hadoop/zookeeper/trunk: ./ src/c/include/
src/c/tests/ src/java/main/org/apache/zookeeper/server/
src/java/test/org/apache/zookeeper/test/
Author: mahadev
Date: Thu Jun 18 01:08:52 2009
New Revision: 785871
URL: http://svn.apache.org/viewvc?rev=785871&view=rev
Log:
ZOOKEEPER-433. getacl on root znode (/) fails. (phunt via mahadev)
Added:
hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java
Modified:
hadoop/zookeeper/trunk/CHANGES.txt
hadoop/zookeeper/trunk/src/c/include/zookeeper.h
hadoop/zookeeper/trunk/src/c/tests/TestClient.cc
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
Modified: hadoop/zookeeper/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/CHANGES.txt?rev=785871&r1=785870&r2=785871&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/CHANGES.txt (original)
+++ hadoop/zookeeper/trunk/CHANGES.txt Thu Jun 18 01:08:52 2009
@@ -119,6 +119,8 @@
ZOOKEEPER-375. zoo_add_auth only retains most recent auth on re-sync.
(mahadev)
+ ZOOKEEPER-433. getacl on root znode (/) fails. (phunt via mahadev)
+
IMPROVEMENTS:
ZOOKEEPER-308. improve the atomic broadcast performance 3x.
(breed via mahadev)
Modified: hadoop/zookeeper/trunk/src/c/include/zookeeper.h
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/c/include/zookeeper.h?rev=785871&r1=785870&r2=785871&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/src/c/include/zookeeper.h (original)
+++ hadoop/zookeeper/trunk/src/c/include/zookeeper.h Thu Jun 18 01:08:52 2009
@@ -128,11 +128,18 @@
extern ZOOAPI const int ZOO_PERM_ADMIN;
extern ZOOAPI const int ZOO_PERM_ALL;
+/** This Id represents anyone. */
extern ZOOAPI struct Id ZOO_ANYONE_ID_UNSAFE;
+/** This Id is only usable to set ACLs. It will get substituted with the
+ * Id's the client authenticated with.
+ */
extern ZOOAPI struct Id ZOO_AUTH_IDS;
+/** This is a completely open ACL*/
extern ZOOAPI struct ACL_vector ZOO_OPEN_ACL_UNSAFE;
+/** This ACL gives the world the ability to read. */
extern ZOOAPI struct ACL_vector ZOO_READ_ACL_UNSAFE;
+/** This ACL gives the creators authentication id's all permissions. */
extern ZOOAPI struct ACL_vector ZOO_CREATOR_ALL_ACL;
/**
Modified: hadoop/zookeeper/trunk/src/c/tests/TestClient.cc
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/c/tests/TestClient.cc?rev=785871&r1=785870&r2=785871&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/src/c/tests/TestClient.cc (original)
+++ hadoop/zookeeper/trunk/src/c/tests/TestClient.cc Thu Jun 18 01:08:52 2009
@@ -378,7 +378,8 @@
count = 0;
watchctx_t ctx1, ctx2, ctx3;
zhandle_t *zk = createClient(&ctx1);
-
+ struct ACL_vector nodeAcl;
+ struct ACL acl_val;
rc = zoo_add_auth(0, "", 0, 0, voidCompletion, (void*)-1);
CPPUNIT_ASSERT_EQUAL((int) ZBADARGUMENTS, rc);
@@ -435,6 +436,19 @@
// now try getting the data
rc = zoo_get(zk, "/tauth1", 0, buf, &blen, &stat);
CPPUNIT_ASSERT_EQUAL((int)ZOK, rc);
+ // also check for get
+ rc = zoo_get_acl(zk, "/", &nodeAcl, &stat);
+ CPPUNIT_ASSERT_EQUAL((int)ZOK, rc);
+ // check if the acl has all the perms
+ CPPUNIT_ASSERT_EQUAL((int)1, nodeAcl.count);
+ acl_val = *(nodeAcl.data);
+ CPPUNIT_ASSERT_EQUAL((int) acl_val.perms, ZOO_PERM_ALL);
+ // verify on root node
+ rc = zoo_set_acl(zk, "/", -1, &ZOO_CREATOR_ALL_ACL);
+ CPPUNIT_ASSERT_EQUAL((int) ZOK, rc);
+
+ rc = zoo_set_acl(zk, "/", -1, &ZOO_OPEN_ACL_UNSAFE);
+ CPPUNIT_ASSERT_EQUAL((int) ZOK, rc);
}
void testNullData() {
Modified: hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java?rev=785871&r1=785870&r2=785871&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java (original)
+++ hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java Thu Jun 18 01:08:52 2009
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -43,7 +44,9 @@
import org.apache.zookeeper.Watcher.Event;
import org.apache.zookeeper.Watcher.Event.EventType;
import org.apache.zookeeper.Watcher.Event.KeeperState;
+import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.OpCode;
+import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.common.PathTrie;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Stat;
@@ -193,15 +196,17 @@
aclKeyMap.put(acls, val);
return val;
}
-
+
/**
* converts a list of longs to a list of acls.
* @param longs the list of longs
* @return a list of ACLs that map to longs
*/
public synchronized List<ACL> convertLong(Long longVal) {
- if (longVal == null || longVal == -1L)
+ if (longVal == null)
return null;
+ if (longVal == -1L)
+ return Ids.OPEN_ACL_UNSAFE;
List<ACL> acls = longKeyMap.get(longVal);
if (acls == null) {
LOG.error("ERROR: ACL not available for long " + longVal);
Modified: hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java?rev=785871&r1=785870&r2=785871&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java (original)
+++ hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java Thu Jun 18 01:08:52 2009
@@ -439,7 +439,8 @@
}
boolean authIdValid = false;
for (Id cid : authInfo) {
- AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme());
+ AuthenticationProvider ap =
+ ProviderRegistry.getProvider(cid.getScheme());
if (ap == null) {
LOG.error("Missing AuthenticationProvider for "
+ cid.getScheme());
Added: hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java
URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java?rev=785871&view=auto
==============================================================================
--- hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java (added)
+++ hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java Thu Jun 18 01:08:52 2009
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.test;
+
+import org.apache.log4j.Logger;
+import org.apache.zookeeper.CreateMode;
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.ZooKeeper;
+import org.apache.zookeeper.ZooDefs.Ids;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Functional testing of asynchronous operations, both positive and negative
+ * testing.
+ *
+ * This just scratches the surface, but exercises the basic async functionality.
+ */
+public class ACLRootTest extends ClientBase {
+ private static final Logger LOG = Logger.getLogger(ACLRootTest.class);
+
+ @Before
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ LOG.info("STARTING " + getName());
+ }
+
+ @After
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+
+ LOG.info("FINISHED " + getName());
+ }
+
+ @Test
+ public void testRootAcl() throws Exception {
+ ZooKeeper zk = createClient();
+ try {
+ // set auth using digest
+ zk.addAuthInfo("digest", "pat:test".getBytes());
+ zk.setACL("/", Ids.CREATOR_ALL_ACL, -1);
+ zk.getData("/", false, null);
+ zk.close();
+ // verify no access
+ zk = createClient();
+ try {
+ zk.getData("/", false, null);
+ fail("validate auth");
+ } catch (KeeperException.NoAuthException e) {
+ // expected
+ }
+ try {
+ zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ fail("validate auth");
+ } catch (KeeperException.InvalidACLException e) {
+ // expected
+ }
+ zk.addAuthInfo("digest", "world:anyone".getBytes());
+ try {
+ zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ fail("validate auth");
+ } catch (KeeperException.NoAuthException e) {
+ // expected
+ }
+ zk.close();
+ // verify access using original auth
+ zk = createClient();
+ zk.addAuthInfo("digest", "pat:test".getBytes());
+ zk.getData("/", false, null);
+ zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ zk.delete("/apps", -1);
+ // reset acl (back to open) and verify accessible again
+ zk.setACL("/", Ids.OPEN_ACL_UNSAFE, -1);
+ zk.close();
+ zk = createClient();
+ zk.getData("/", false, null);
+ zk.create("/apps", null, Ids.OPEN_ACL_UNSAFE,
+ CreateMode.PERSISTENT);
+ try {
+ zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ fail("validate auth");
+ } catch (KeeperException.InvalidACLException e) {
+ // expected
+ }
+ zk.delete("/apps", -1);
+ zk.addAuthInfo("digest", "world:anyone".getBytes());
+ zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ zk.close();
+ zk = createClient();
+ zk.delete("/apps", -1);
+ } finally {
+ zk.close();
+ }
+ }
+}